Governments never cease to amaze, and Florida is writing the handbook on how to spin a technology hot potato with more bad spin. Heres the formula: Take offshore outsourcing, add just a dash of potential identity theft and toss in the urge to cover your backside (CYA) to create one strange brew.
The state of Florida notified 108,000 former and current employees that their files have been improperly sent offshore. The crime: Florida didnt know data was being sent offshore because its subcontractor had a subcontractor that went overseas.
Lets read between the lines of Floridas warning to its current and former employees March 16:
On February 3, 2006, the Department of Management Services (DMS) notified state employees that it was investigating allegations that GDXdata/Document Imaging—a U.S. company under subcontract with Convergys/People First!—may have offshored some of the work that Convergys hired it to do.
OK, so to this point all we know is that Florida cant keep tabs on its vendors vendors. At last check, offshoring wasnt illegal.
DMS has since uncovered evidence that GDXdata used two or more subcontractors in India to “index” personnel files. To date, DMS has received no reports of identity theft as a result of the offshore work.
This is the first reference of offshoring and identity theft. Does one lead to another? Sure sounds it, but lets not jump the data breach gun.
Tiffany Koenigkramer, a spokesperson for Floridas department of Management Services, denied that a data breach had occurred.
“There has been no ID theft and no credit fraud,” she told eWEEKs Stan Gibson.
So why mention the two together? Hmmm. Lets read on.
The offshore work was completed almost two years ago (June 2004). Since June 2004, all indexing of state employee personnel records has been handled in Florida, in Convergys facilities. “Indexing” is the electronic labeling and filing of scanned documents. The “scanning” of personnel files, then and now, has been handled in Florida, in agency and Convergys facilities. The purpose of the scanning/indexing project is to eventually eliminate paper personnel files and to provide state employees secure, electronic access to their personnel records through People First!. Convergys has cooperated in the DMS investigation.
Translation: DMS realized nearly two years ago that its offshoring of personnel records wasnt such a great political move.
It moved processing back to Florida and launched an investigation to deflect a barrage of criticism from unions and politicos looking for points.
“Convergys and the state of Florida have a contract. There was a subcontract was between GDX and Convergys,” said Koenigkramer.
The contract between Convergys and the state of Florida provided that all work was to be done in Florida, however, a subcontractor to GDX shipped some of the work to a subcontractor of its own in India.
Based on the evidence today, the personnel records of employees, who worked for the state anytime between January 1, 2003 and June 30, 2004, may have been indexed overseas and therefore may be affected. Based on current evidence, the personnel records of employees who retired prior to January 1, 2003 and “benefit only users” of People First!—including legislative, university and court employees—are not affected. DMS will notify employees who are potentially affected by the end of next week.
For employees who are potentially affected, DMS—in cooperation with Convergys/People First!—is providing assistance including a one-year credit protection program with credit alerts and identity theft coverage.
If Koenigkramer said there was no data breach—and nothing indicates that directly in the e-mail were dissecting here—why bring up whos affected? Affected by what? Oh yeah, affected by offshore outsourcing.
I suppose offshoring is worse than some worker leaving his laptop full of personal data in the back of an unlocked rental car.
If you are a potentially affected employee and have concerns that this activity, which occurred almost two years ago, may impact you, a toll-free hotline (1-866-663-4735 press prompt 5) and an email address (PeopleFirst@dms.state.fl.us) have been set-up to answer your questions and to provide you information about the credit protection program.
A call to that number yields a friendly rep that reads the letter to employees.
Shes stumped when asked: Is the letter informing me that my files went offshore or that my data has been compromised? Silence. “It looks like its saying it went offshore,” she said.
The next question: So is that inherently mean offshore is insecure? “It doesnt look like any information has been used,” she said.
It is common today for businesses and even government to use offshore companies to provide customer services and to process medical, credit and financial records. However, the use of offshore services in this case was inappropriate and unacceptable. Convergys has cancelled their subcontract with GDXdata, and DMS is requiring Convergys to immediately ensure all other subcontractors are pre-screened, pre-approved by DMS and are legally obligated to meet all People First! security requirements.
Here comes the CYA. The Florida is taking action and has to look like it is doing something about this outrageous offshore outsourcing.
In the meantime, the state reassures you that there are no data security issues thus far. Confused yet?
Again, even though there is no evidence that state employee personnel information has been compromised as a result of this overseas work, please take every possible precaution to protect yourself, your family and co-workers from identity theft. It is a good idea to check your credit report regularly. You may request a free credit report once every 12 months. Visit www.annualcreditreport.com or call toll-free 1-877-322-8228. And be sure to report any suspicions of potential identify theft to the proper authorities. For information on preventing identity theft and steps to take should you become a victim, visit the Florida Identity Theft Resource Center.
Safeguarding your personal information is our highest priority. State agencies and the Department of Management Services will continue to work together to ensure that all state employee personal information remains secure and protected.
Boy, thats a relief. Now if they can only find a better way to communicate that priority without confusing us.